MEMZ
MEMZ is a custom-made trojan for Microsoft Windows, originally created for Danooct1's User-Made Malware series. It has gained fame and notoriety due to its highly complex and unique payloads.

Description

MEMZ is a dangerous trojan for Microsoft Windows. It was originally created for Danooct1's "Viewer-Made Malware" series. The trojan has quite a few payloads, which activate automatically one after another, with some delay between them. It is available as an .exe file and as a batch version. The batch version works like a self-extracting archive: it extracts the exe from itself and runs it.

Payloads

When MEMZ is run, it leaves a note telling the user that they will not be able to use the computer anymore after rebooting it. Killing MEMZ via Task Manager or shutting down will instantly crash the computer. By the time this message appears, the operating system has already been replaced by a "Nyan Cat" animation running as a custom bootloader. Windows can still be used until the next reboot.

The first payload inside Windows opens random programs, websites or Google searches. After a while, the trojan starts moving the mouse slightly, and windows saying "still using this computer?" appear, getting more violent and rapid later on. A bit after that, error icons start appearing everywhere and at the location of the mouse, and many error sounds are played. The final payload takes a screen capture of the whole screen (known as "Screen tunnel" by the creator) and overlays it on the screen, getting faster and faster over time. Trying to end the MEMZ process pops up tons of "leetspeak" messages and then crashes the computer.

Restarting the computer initiates the final payload, which relies on the first hard drive's MBR having been overwritten earlier. Instead of booting into the operating system, the computer displays:

"Your computer has been trashed by the MEMZ Trojan. Now enjoy the Nyan cat..."
The message is followed by an animation of the Nyan Cat, with the PC speaker playing the animation's well-known soundtrack.

Name

The name MEMZ is a misspelling of the word "Memes". This is why most parts of this trojan contain "leetspeak" and random web searches, Nyan Cat, and references to Materialisimo's video "MLG Antivirus". The creator of this trojan, Leurak, has made a few joke programs, like the Illuminati joke program and the Earthquake joke program.

Recognition

This trojan has gained recognition ever since Danooct1 uploaded his review, for which the trojan was originally made. Joel from "Vinesauce" used it in his "Windows 10 Destruction" stream, where he showcases MEMZ near the end of the first livestream. He also thanks Danooct1 for helping him get the trojan. Many other people prank call IT scammers to 'help' them with the removal of MEMZ on a VM.

Removal

The destructive version of MEMZ overwrites the first 64KB of the first HDD. This affects the MBR and the partition table. By using bootable recovery media, like the Windows installation disc or Linux-based live media, it should be possible to recover that. MEMZ is also killable inside of Windows, using the command taskkill /f /im MEMZ.exe. This kills all processes of MEMZ without crashing the system. However, the HDD is still overwritten and Nyan Cat will launch after a reboot, requiring the user to repair the MBR using typical repair commands.

Trivia

* MEMZ runs on all Windows versions from XP onward.
* MEMZ is open source on GitHub.
* There is a non-destructive version of MEMZ, which has a GUI for manual control over all of the payloads.
* It is currently unknown if MEMZ has entered the wild; Microsoft's own help desk has several questions related to MEMZ from confused (or inexperienced) users who ran the trojan without reading the warnings first, but as of 2016 there is no evidence that the trojan has been propagated through any traditional method.
To prevent malicious users from deliberately spreading the trojan, currently only version 4 (which has the disclaimer and the non-destructive version bundled with the destructive version) and later versions are available to download.
* There is a special version of MEMZ called VineMEMZ, which contains only Vinesauce memes, such as "PC Optimizer Pro", and was streamed by Joel in the last part of his Windows 10 Destruction.
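
The Removal section says the overwrite affects the MBR and the partition table. The following is an added example, not part of the original article and not code from MEMZ or its author: a Python check that parses the first 512-byte sector of a disk image and reports whether its partition table still looks plausible. The function names and both sample sectors are assumptions constructed for illustration.

```python
import struct

SECTOR, TABLE_OFFSET, SIGNATURE = 512, 446, b"\x55\xaa"
# 16-byte entry: status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")

def parse_mbr(sector):
    """Return (signature_ok, entries) for the first 512 bytes of a disk."""
    if len(sector) < SECTOR:
        raise ValueError("need at least 512 bytes")
    entries = []
    for i in range(4):
        status, ptype, start, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        entries.append({"index": i, "status": status, "type": ptype,
                        "start": start, "count": count})
    return sector[510:512] == SIGNATURE, entries

def assess(sector, disk_sectors=None):
    """List reasons the partition table looks damaged; an empty list means plausible."""
    sig_ok, entries = parse_mbr(sector)
    problems = [] if sig_ok else ["missing 0x55AA boot signature"]
    used = [e for e in entries if e["type"] != 0]
    if not used:
        problems.append("partition table is empty")
    for e in used:
        end = e["start"] + e["count"]
        if e["status"] not in (0x00, 0x80):
            problems.append(f"entry {e['index']}: invalid status 0x{e['status']:02x}")
        if e["start"] == 0 or e["count"] == 0:
            problems.append(f"entry {e['index']}: zero start or length")
        if disk_sectors is not None and end > disk_sectors:
            problems.append(f"entry {e['index']}: extends past end of disk")
    # Partitions sorted by start sector must not run into each other.
    spans = sorted((e["start"], e["start"] + e["count"], e["index"]) for e in used)
    for (_, end_a, a), (start_b, _, b) in zip(spans, spans[1:]):
        if start_b < end_a:
            problems.append(f"entries {a} and {b} overlap")
    return problems

# Constructed sample sectors (not taken from a real disk or from MEMZ itself).
HEALTHY = bytes(446) + ENTRY.pack(0x80, 0x07, 2048, 204800) + bytes(48) + SIGNATURE
# Boot signature present, but the table area holds arbitrary non-table bytes.
OVERWRITTEN = (bytes(range(256)) * 2)[:510] + SIGNATURE

if __name__ == "__main__":
    for name, sector in (("healthy", HEALTHY), ("overwritten", OVERWRITTEN)):
        print(name, assess(sector, disk_sectors=409600) or "table looks plausible")
```

To use it on a real system, read the first 512 bytes of a disk image taken from recovery media and pass them to assess() together with the disk's size in sectors.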